By using AWS re:Post, you agree to the Terms of Use

Cert stuck "pending validation" in eu-central-1 but works in other regions

0

I have a certificate in eu-central-1 that is stuck in a "Pending validation" state. The cert is being requested via a CloudFormation stack that I successfully deployed to 2 other regions a few hours ago without problems. The Route53 zone is setup in the same account as the Certificate and the required CNAME entry has existed for at least 6 months and was already successfully used earlier today in the 2 other regions. The dig command run locally and from various servers in different regions also shows the correct CNAME entry.

I canceled my CloudFormation stack deployment (which deleted the Certificate) and attempted to re-deploy it, but the new Certificate is still stuck in "Pending validation".

Usually, the certificates validate almost instantly. The documentation says that after clicking the "Create record in Route 53" button it can take "up to 30 minutes" for validation to complete. Right now, it has been 90 minutes since I tried redeploying my stack.

Is there currently a problem with AWS Certificate Manager validation in eu-central-1? I don't see anything on the AWS Service Health Dashboard.

3 Answers
0

This is still broken. The CloudFormation stack deployment eventually timed out and deleted everything. I am re-running the deployment but the certificate is still stuck in a "pending validation" state in eu-central-1.

I just created the exact same certificate in us-west-2 and eu-west-1 and they both validated immediately.

Can anybody from AWS help?

answered 2 years ago
0

Hi,

This is Nigel from AWS.

Could you please share your domain name so that I can take a look at my end?
If not present, could you also leave a certificate in the Pending Verification state?

Regards

Nigel

answered 2 years ago
0

Hi Nigel,

The certificate was finally successfully issued. It took 4 days and ~6 CloudFormation stack deployment attempts (since they kept timing out after 12 hours). No changes were made to DNS validation entries on my side and other certificates were issued without problems in multiple regions (including eu-central-1 for other hostnames).

I just tried manually creating a certificate for the same hostname one that was having issues and it worked fine. So it would seem that whatever problem eu-central-1 was having with this specific domain name has resolved itself.

Thanks for responding.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions